Hello
Setting up freeradius3 into an Archer C7.
First thing to notice was the links in the library directory when doing radiusd -X
test runs.
Second thing to notice is that there seems to be no package of type "freeradius3-full" to pull in all modules. So one needs to either install them all or add them one by one.
Failed to find "reject" as a module or policy.
-> install freeradius3-mod-always
Failed to find "suffix" as a module or policy.
-> install freeradius3-mod-realm
The greatest problem for me will be, I think, that the concepts are explained nowhere. I assume that one can build a quite wild combination of authenticating sources, whereas my simple intention is to just set up first a file-based username/password combinations for wireless, and then maybe later use an external storage for credentials.
Update 1:
/etc/freeradius3/policy.d/accounting[37]: Failed parsing expanded string:
/etc/freeradius3/policy.d/accounting[37]: %{md5:%{1},%{Acct-Session-ID}}
/etc/freeradius3/policy.d/accounting[37]: ^ Unknown module
-> install freeradius3-mod-expr
Update 2:
After you get the server to start with the default configuration, you have installed all the module packages except freeradius3-mod-ldap
and freeradius3-mod-passwd
.
Update 3:
In /etc/freeradius3/mods-config/files/authorize
I have the line
testing Cleartext-Password := "paaswoord"
Now I need to find the radtest
binary to test basic password authentication.
Update 4:
Seems like radtest
is missing from the freeradius3-utils
package. But since it is just a front-end for radclient
, I need to figure out the latter one's syntax. I do see the segfaults mentioned elsewhere, and need to find out a solution for those too.
Update 5:
Did /usr/lib# for A in freeradius3/* ; do ln -s $A ; done
but not sure if it did any good. The segfault is still there in radclient
.
Update 6:
Since the radclient
that comes with OpenWRT just segfaults, one can use a nearby linux workstation to test basic authentication. For this one needs to add the workstation into /etc/freeradius3/clients.conf
. As in here:
client workstation {
ipaddr = workstations_name
secret = myownsecret
}
Of course, in place of the workstation's name you write its IP address if it is not in your local DNS. Then you test it as in
radtest <account name> <password> <router ip> <nas port> <secret>
where the nas port
is just any number, i.e.
radtest testing paaswoord 192.168.1.1 0 myownsecret
.